
Privacy and Cookies

Privacy policy and cookie policy updated 11 Nov 2020; version 2

Privacy Policy


With this privacy policy Vaadin provides information to data subjects on the processing of their personal data, as required by the EU General Data Protection Regulation (“GDPR”) and the Finnish Data Protection Act. In addition, this privacy policy contains general information regarding Vaadin’s data protection principles for Vaadin’s developer community members, customers and other stakeholders.


Name: Vaadin Ltd (Finnish Business ID 1613563-9; “Vaadin”) 

Street address: Lemminkäisenkatu 3, FI-20540 Turku, Finland

E-mail address:

Contact person: Mr Jurka Rahikkala (+358 50 3368 560)


Vaadin’s customer, community member and stakeholder register


Vaadin processes personal data for the following purposes on the following legal bases:

Performance of a contract: Vaadin processes information provided by customers to fulfill agreements entered into with customers. Without the personal data Vaadin would not be able to provide its products and services as requested by the customer, process orders, enable login to customer accounts, verify customer transactions, contact the customer regarding contract matters, provide technical support or invoice for its products and services.

Consent: Vaadin will ask website visitors for their consent to the use of cookies and other similar technologies. Vaadin may also request the consent of the data subject if the purpose for the processing changes. In addition, Vaadin may, with the data subject’s consent, process other personal information related to the customer or community member relationship.

Legitimate interest: Vaadin processes information in order to deliver and improve its products and services, analyze the use of its products and services, carry out customer surveys, market its products and services to relevant companies, target content, advertising and marketing messages, organize events, prevent and detect misuse, and file and defend legal claims. These purposes are necessary for Vaadin’s business and justified by the objective link between the data subject and Vaadin, and are thus in Vaadin’s legitimate interest. For specific personal reasons, the data subject has the right to object to the processing of personal data concerning him/her when the processing is based on Vaadin’s legitimate interest.

Legal obligation: Vaadin may be required to process certain personal data to comply with a legal obligation, for example in connection with its obligation to maintain bookkeeping material.

The register contains personal data on the following groups of data subjects:
  1. Representatives for B2B customers
  2. Representatives for suppliers, partners, prospective customers and other stakeholders
  3. Registered community members
  4. Persons who have been in contact with Vaadin
The following information may be processed in connection with the register:
  • Basic company information such as business name, business ID, postal address, visiting address, e-mail address and telephone number
  • Basic information on the contact person, decision-maker, community member or other data subject, such as name, position or profession, address, e-mail address and telephone number
  • Information relating to the customer relationship or other relevant connection to Vaadin, such as language, customer number, purchased products and services, time of delivery, other information related to the delivery of products and services, complaint information, seller information in relation to agreements
  • Information relating to use of products, services and benefits, such as the browser, IP address, device ID, time of visit, visited pages and browsing history
  • Information on billing, payment and debt collection
  • Information on direct marketing consents and prohibitions
  • Information on preferred forms of communication and information on changes in the information
  • Information relating to communication, such as e-mails, chat history and call recordings
  • Log-in information for online services; event and user analysis data
  • Data generated on the basis of trade register extracts and other similar registers
  • Other information provided by the data subject, such as contact requests or forum messages, or other information processed with the consent of the data subject

Personal data is obtained primarily from the data subjects themselves. Vaadin may, however, also receive information from authorities, credit information companies, contact information service providers and other similar reliable sources. Vaadin may also collect and update personal data for the purposes described in this privacy policy from publicly available sources such as newspapers and other news sources, professional social media networks and company websites, as well as based on information received from third parties within the limits of the applicable legislation. In addition, personal data may be collected when using Vaadin’s products and services or by using data enrichment services.


Personal data may be shared with Vaadin’s group companies. Personal data may be transferred to service providers and other sub-processors used by Vaadin. Furthermore, personal data may be disclosed to the authorities in accordance with the legal obligations of Vaadin. 

Vaadin transfers personal data outside the EU/EEA as a part of its operations (for example to the United States). When Vaadin transfers personal data, it makes sure that the personal data in question is appropriately protected, as required by the privacy legislation in force at the time, for example by using the European Commission standard contractual clauses.


Vaadin stores the data as long as it is necessary for the purpose of processing the data. Once the purpose and legal basis for the processing have ended, the data is erased in accordance with applicable legislation.

The personal data relating to customers will be deleted when the measures, obligations and responsibilities related to the data have ended and the claim period related to the customer relationship has expired. Customer data is typically retained for a period of ten (10) years from the end of the customer relationship. Community member data is typically retained for a period of ten (10) years from the community member’s last login to the online service.


The use of systems or electronic registers containing personal data is restricted to Vaadin employees and suppliers only, who work under a non-disclosure agreement and are bound by data protection requirements. 

The data is collected into databases protected by firewalls, passwords and other technical measures.

Any printed and other physical material is kept in a locked space that is accessible by authorized personnel only.

Persons authorized to access personal data receive regular training related to data protection, and data protection arrangements are audited regularly.


The data subject has certain rights related to the personal data that Vaadin processes on him/her, including the following:

  • right to obtain information on the processing of his/her personal data
  • right of access to his/her data
  • right to rectification of his/her data
  • right to the erasure of his/her data
  • right to restrict the processing of his/her data
  • right to object to the processing of his/her data
  • right to withdraw his/her consent where Vaadin processes data based on the data subject’s consent (withdrawing the consent does not affect the lawfulness of any processing carried out before the withdrawal of the consent)
  • right to lodge a complaint with the supervisory authority

Not all of these rights can be exercised in all situations, depending on factors such as the basis for the processing of personal data.

A data subject who wishes to exercise any of his/her rights referred to above is encouraged to contact Vaadin by use of the e-mail address. In order to ensure effective processing of the request, the data subject is advised to specify the request in detail and describe the context accurately. Vaadin may request additional information regarding the requests, as well as reliable identification of the person making the request.


Vaadin reserves the right to change the privacy policy and cookie policy at any time and recommends that all customers, community members, other stakeholders and website visitors review the contents of these policies regularly.


Cookies are used on Vaadin's website and social media functions. A cookie is a small text file that a browser stores on the user’s terminal. For more information on cookies, please see

Vaadin and its partners use cookies and other similar technologies to maintain and develop the website, to improve and analyze the user experience, for statistical purposes, to customize content and to target advertising and marketing messages in the services of Vaadin and its partners.

Cookies and other similar technologies are used to collect information on how and when the services are used: for example, information on the webpage from which the user has accessed the service, the websites that have been browsed by the user, the time of such browsing, browser details, screen resolution details, device operating system and version details and IP address.

The following different types of cookies are used on Vaadin’s website:

Necessary cookies: these cookies are necessary for the proper functioning of the website and for enabling a good user experience. These cookies do not collect information identifying the user.

Functional cookies: these cookies allow storage of information affecting the appearance or functions of the webpage. These cookies register, for example, the user's language settings and geographical area.

Statistical and analytical cookies: with the help of these cookies, the website owner understands how visitors interact with the website. These cookies make it possible to improve the functionality of the website.

Marketing cookies: these cookies help the website owner to make the content of its website as personal as possible. For example, cookies can be used to display targeted advertising and content based on a user’s past online behavior. Vaadin uses marketing cookies managed by third parties to present its products and services on both its own and third-party websites.

Vaadin’s services may have so-called third-party cookies. Third parties refer to parties outside Vaadin, such as measurement and monitoring service providers (e.g. Google Analytics). These so-called third parties may set cookies on the user’s terminal when the user visits Vaadin’s services, for example to register statistics on the number of visitors to various webpages.

Vaadin’s services may use so-called community plug-ins that allow Vaadin to show social media (such as Facebook) content on its website. The third-party providers of community plug-ins may set cookies related to their own services in accordance with their own policies. Users can familiarize themselves with the social media services and their privacy policies in the respective service.

Vaadin uses both session-specific cookies, which expire when the user closes the web browser, and persistent cookies, which remain on the user’s device for a certain period of time or until the user deletes them. The validity period of persistent cookies varies from a few months to a few years. The user can also influence the data retention period.

The user may choose to disable the use of cookies in the browser settings, but the webpages may not work properly after such disabling. Vaadin recommends the use of cookies in Vaadin’s online store for the best user experience.

Cookies used by Vaadin























